[Samba] Element not found error
rowlandpenny at googlemail.com
Thu Sep 25 11:20:48 MDT 2014
On 25/09/14 17:58, Brian C. Huffman wrote:
> On 09/23/2014 02:47 PM, Marc Muehlfeld wrote:
>> Am 23.09.2014 um 20:02 schrieb Brian C. Huffman:
>>> I was finally able to get this to work, but I had to do the following
>>> (which is not on the main file shares wiki page):
>>> After making the directory on the Samba member server, I did the
>>> following (from the profiles wiki page):
>>> chmod 1770 /share
>>> chgrp "Domain Users" /share
>>> Then I'm able to add "Domain Admins" group with full control in Windows
>>> computer management and from there I'm good.
>>> Should this be added to the wiki? Or maybe this is a side effect of
>>> something else I did wrong?
>> Normally this shouldn't be necessary.
>> - Which account did you used to add the ACL?
> An account I created that is a member of Domain Admins
>> - Is this account mapped in the backend (e. g. to root)?
> umm. Maybe this is the problem? I don't think I have this. I did
> try at one point to add an smbusers file with the following line, but
> it didn't seem to help:
> root = administrator admin
>> - Can you show me your smb.conf (global and the share config)
> netbios name = samba02
> workgroup = ETI
> realm = XMEN.ETI
> security = ads
> idmap config * : range = 16777216-33554431
> template homedir = /home/%U
> template shell = /bin/bash
> winbind use default domain = true
> winbind offline logon = false
> winbind enum users = yes
> winbind enum groups = yes
> encrypt passwords = yes
Hi, with the above, samba has nowhere to map the users to, if you don't
want to use the 'ad' backend, then you need to use the rid backend:
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config ETI:backend = rid
idmap config ETI:range = 500-40000
Changing the numbers to match your requirements.
> # Added for ACL Support
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> path = /samba/etifiles
> read only = no
> I'll admit I'm not too sure about the idmap config. I'm looking for
> the simplist configuration that will work. The wiki for setting up
> member server suggests some different idmap config options, but it
> references schema mode rfc2307 and I don't think I have that.
If you are using samba4 as the AD DC, then you do have rfc2307, but you
will need to give yours users a uidNumber and your groups a gidNumber.
Information about this is available on the samba wiki and elsewhere on
More information about the samba